Hi. All of a sudden some of our VBScript executables are getting deleted throughout the organization ever since the 6647 dat was downloaded and updated. Do we need to revert to the previous dat or is there something else that can be done?
Sounds like a false positive detection
If your VBScript executables are stored in a specific location then adding the file path to the exclusions list in your 'On-Access Default Processes' policy should prevent them from being scanned and deleted.
Hi, thanks for your participation. We have added the exclusion and the executables still get flagged. We added the exclusion "**\deploy\*.exe". We also added a specific file exclusion "billy goat exgtraction.exe". The executables are run from CD, DFS share and local drives.
We have dealt with a variety of false positives that creep in from time to time. To get them fixed in the DAT and get the AV folks aware of their existence and not being part of whatever overbroad signature they put in place, you can report the FPs with this procedure
(link available as "submit a sample" from the service portal site--I needed to be logged into the service portal to see this link):
and select an issue type of "suspected false"